Partial fix for problems output by checkbashisms for file
magnum/templates/swarm/fragments/write-docker-service.sh only.
Quoted variable as recommended.
Change-Id: Iadcd3435b39ad7bd2575bbf838add1c22b04944f
Partial-Bug: #1561232
Partial fix for problems output by checkbashisms for file
magnum/templates/swarm/fragments/configure-docker-storage.sh only.
Change-Id: I6fc8c789a2b5a1838c0ae98521e236c80a199323
Partial-Bug: #1561232
* Rename tenant to project in functional test. In particular,
rename "admin_tenant_name" to "admin_project_name" and
rename "tenant_name" to "project_name". These configs have been
renamed in tempest [1], so Magnum needs to adapt the change.
* Temporarily remove "subjectAltName" from CSR config, because
it caused failure of certificate signing, possibly, due to a
bug or incompatible change in pyOpenSSL 16.0.0.
[1] https://review.openstack.org/#/c/301167/
Change-Id: I41438cbfaefd9d04d7e73a4f46f5ece1494b349c
Closes-Bug: #1568212
Closes-Bug: #1567691
Currently, we use the user's auth token, which expires after a while.
We need to use a trust instead.
Remove user_token at the same time.
Change-Id: Id1d34c59eccd70be24c5b9e00cd921b5a9d59860
Partially-Implements: blueprint use-trust-for-tls-cert-generation
Allow configuring Flannel with 3 different backends
Magnum deploys k8s/swarm over a dedicated neutron private network,
possibly using flannel. Flannel's `host-gw` backend gives the best
performance in this topology (private layer2): no packet processing
overhead, no reduction to MTU, scales to many hosts as well as the
alternatives. The performance difference is significant, see bug for
performance numbers for the 3 backend options.
Note that part of this change involves relaxing the minion IP spoofing
rules to allow traffic from all dynamically-allocated flannel subnets.
This is morally equivalent to what we were doing previously with
encapsulation - only now neutron is able to see the inner IP header
directly.
This patch repurposes the label "flannel_use_vxlan" when the network
driver is flannel.
1. Rename the label flannel_use_vxlan to flannel_backend
2. Redefine the value of this label from "yes/no"
to "udp/vxlan/host-gw"
For example, to create a bay model with flannel as network driver:
--network-driver flannel --labels flannel_backend=host-gw
Other backend options are udp and vxlan.
Co-Authored-By: Ton Ngo <ton@us.ibm.com>
Partial-Bug: #1518605
Closes-Bug: #1516789
Change-Id: I6d2441664ad1baaca14d0e6ff4bcddbe75bee094
Make scripts adaptable to different network interface.
Some scripts currently query eth0 directly to get the IP of
the node. This causes the script to fail if the node uses
a different network interface. The change passes in the
IP from Heat so that it is not susceptible to the particular
network interface being used.
This change is necessary to use the stock image from Atomic,
since eth0 is not used in this image.
This patch is broken out from the patch:
https://review.openstack.org/#/c/276232/
so that it can proceed independently.
Co-Authored-By: Corey O'Brien <coreypobrien@gmail.com>
Partially-Implements: blueprint atomic23
Change-Id: If8f972d8dabc8304484dfaff8d4e7f1f8755507b
SELinux is an important security feature. We need to turn it on
after cloud-init. This patch did that for swarm.
Change-Id: I1862a63498613535741c3aae9c0378911ec21315
Partial-Bug: #1543308
This reverts commit cf85c5ac03.
The kube-scheduler failed to spin up after that commit. As a result,
the k8s bay is not functioning. I would suggest to revert that
commit first if we cannot figure out a quick fix.
Closes-Bug: #1551648
Change-Id: If7f8164368be3eec39f9a795a5e7748af68a6f48
After cloud-init has run configuration steps, turn on selinux again
for security reasons.
Change-Id: I12a5b2ff3e71be39aa84093fce8b1c2b1be9d473
Closes-Bug: 1543308
Prevents etcdctl from hanging when etcd has not started by explicitly
specifying connection timeouts.
Reduce swarm build time by removing the unnecessary dependency
between masters and nodes.
Only create 1 node instead of 2 nodes
Remove test_update_bay_name_for_existing_bay
Change-Id: If6724497b47247d2858b6da90309949f92314cfb
Closes-Bug: 1541105
Fix incorrect Docker storage configuration at agent nodes which causes
failure of docker-storage-setup.service. Add Cinder volume to the
master and configure Docker DeviceMapper to use them and set proper
volume sizes for integration tests.
Change-Id: I57dfd6174143f8c7563db2920dd4e94b4f3c9883
Related-Bug: #1500062
The swarm func test occasionally failed with the error below. This
error cannot be determinately reproduced. After some experiments,
it seems that swarm will abort connections during registration of
a new swarm agent.
ConnectionError: ('Connection aborted.', BadStatusLine("''",))
This commit tries to fix the issue by waiting for the completion of
agent registration. After the swarm agent service starts, it checks
ETCD to ensure the agent was successfully registered before sending
signal to Heat to indicate its success.
Closes-Bug: #1521395
Change-Id: Iec1772d1df7d85e367676758b1f97a5b604c0eb7
Add --replication and --advertise to swarm master to support swarm HA.
After this patch, users can start more than 1 swarm master.
Refer to docs: https://docs.docker.com/swarm/multi-manager-setup/
Partially implements: blueprint swarm-high-availability
Change-Id: I3b6c1ad64598541d055178a54f1507af6882c736
Would like to make swarm much more similar to k8s.
This patch is the preparation of supporting Swarm HA mode:
1. Refactor swarm.yaml to swarmcluster.yaml and swarmmaster.yaml
2. Add api_pool, LB in front of swarm master node.
3. Add etcd_pool
After this change:
Swarm bay will update the fields of 'master_addresses'.
P.S. notes Swarm HA is not supported yet, master_addresses will be only 1
ip address.
Partially implements: blueprint swarm-high-availability
Change-Id: Ib6346bfd5a7ad0ef2226a6e6bc98b0ad46e577cb
Currently, the Swarm version in magnum appears in multiple files.
It's not easy for us to maintain.
This patch adds a global var to store the swarm image and its version,
so that we can update the swarm image more easily.
Change-Id: I3063ff4350f8e2f3c96b0bc3700ed509edad206b
Closes-Bug: #1515567
This commit changes to using etcd as bootstrapping, but forgets to add
proxy when configuring etcd service.
Closes-Bug: #1518857
Change-Id: I09ab343c7608af9fc93df2221ea97a31d0b05cb4
Previously, Swarm leveraged Docker's public discovery mechanism
for bootstrapping a cluster. Etcd bootstrapping is supported by
Swarm and is preferred for production use for the following reasons:
1. Required for HA.
2. Is more secure.
3. Required for the Flannel network-driver.
Partially-Implements: blueprint extend-baymodel-net-attributes
Partially-Implements: blueprint conductor-template-net-update
Change-Id: Iab844c03ed7cf8bbee69b72ff71c219f0a5ab1dd
Previously, the Swarm templates did not support the Container
Network Model. The templates have been updated to support the
Flannel --network-driver. Conditionals have been added to support
future --network-drivers.
Partially-Implements: blueprint heat-network-refactor
Change-Id: Ie90e41568df05055b91764b861e08de6f689d864
Previously, the swarm bay type did not support using a cinder
volume for docker.
Implements: blueprint swarm-cinder
Change-Id: I8acaf60caab52a5e5a234e4c5f89ce3dd155759c
The default value of TimeoutStartSec=90, but it will fail on gate.
Set TimeoutStartSec=300 to docker service.
It is hard to decide which one is the best choice. I tested on gate, 180 is
fine; some other guys tested on their local setup and said 4 mins. Let's
hard code it as 300s first; if docker fails to start within 5 mins, it would
fail.
See link [1] for reference.
[1] http://man7.org/linux/man-pages/man5/systemd.service.5.html
Co-Authored-By: Kai Qiang Wu <wkqwu@cn.ibm.com>
Partially implements: blueprint swarm-functional-testing
Change-Id: I4fe4f607a2353010092ff565a7189ad3189b0ea9
Rename heat-kubernetes to kubernetes, heat-mesos to mesos,
docker-swarm to swarm in templates. We use heat templates and
no other methods, so I think it is unnecessary to add heat before
coe. kubernetes, mesos, swarm are better than
heat-kubernetes, heat-mesos, docker-swarm.
Change-Id: I257b35c1c4ef55d3172095736f550f2c55c8d81f
Closes-Bug: #1514682